Lucene search
K

13 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-48285

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. CVE-2022-48285 Note that Nessus relies on the presence of the package as...

7.3CVSS6.7AI score0.01411EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/22 3:54 a.m.20 views

Security Bulletin: IBM SPSS Analytic Server has addressed multiple security vulnerabilities (CVE-2022-48285, CVE-2022-48285)

Summary IBM SPSS Analytic Server has addressed multiple security vulnerabilities CVE-2022-48285, CVE-2022-48285 Vulnerability Details CVEID:CVE-2022-48285 DESCRIPTION: JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when files...

7.3CVSS7.6AI score0.01411EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/12 9:26 a.m.35 views

Security Bulletin: Potential Directory Traversal Vulnerability in Apache Ant shipped with IBM Operations Analytics - Log Analysis (CVE-2022-48285)

Summary There is a potential directory traversal vulnerability via a crafted zip in Apache Ant Vulnerability Details CVEID:CVE-2022-48285 DESCRIPTION: JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when files are loaded with...

7.3CVSS7.5AI score0.01411EPSS
Exploits0Affected Software1
CBLMariner
CBLMariner
added 2023/07/28 11:16 p.m.15 views

CVE-2022-48285 affecting package mozjs60 60.9.0-11

CVE-2022-48285 affecting package mozjs60 60.9.0-11. A patched version of the package is available...

7.3CVSS7.5AI score0.01411EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/07/26 12:0 a.m.45 views

Oracle Primavera Unifier (Jul 2023 CPU)

The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory. - Security-in-Depth issue in the Primavera Unifier product of Oracle Construction and Engineering component: User Interface JSZip. This vulnerabilit...

7.5CVSS6.9AI score0.46836EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2023/07/19 12:0 a.m.60 views

Oracle Primavera Gateway (Jul 2023 CPU)

The versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory. - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering component: Admin Apache Commons Net. Supported versions that...

7.5CVSS6.5AI score0.01858EPSS
Exploits1References6
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/31 11:41 p.m.37 views

Security Bulletin: There is a vulnerability in JSZip used by IBM Maximo Asset Management (CVE-2022-48285)

Summary There is a vulnerability in JSZip used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2022-48285 DESCRIPTION: JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when files are loaded with loadAsync, which...

7.3CVSS7.6AI score0.01411EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/24 2:16 p.m.24 views

Security Bulletin: JSZip publicly disclosed vulnerability affects IBM Safer Payments (CVE-2022-48285)

Summary JSZip is used by IBM Safer Payments as part of the user interface. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-48285 DESCRIPTION: JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when fil...

7.3CVSS7.6AI score0.01411EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2023/01/29 6:30 a.m.4 views

-temp-electron-manager-somiibo (=0.0.200), 003-gas-convert (=1.0.1) +20893 more potentially affected by CVE-2022-48285 via jszip (>=0.2.1 <=3.7.1)

jszip NPM version =0.2.1, =0.2.13, =1.0.0, =4.3.4, =1.0.0, =1.0.4 - 3llm =0.0.1 - 3vot-clay =2.0.1 - 4xx =0.0.1 - 5-ifc-check-cli =1.0.0 and more Source cves: CVE-2022-48285 Source advisory: OSV:GHSA-36FH-84J7-CV5H...

7.3CVSS6.7AI score0.01411EPSS
Exploits0
OSV
OSV
added 2023/01/29 5:15 a.m.8 views

AZL-57076 CVE-2022-48285 affecting package beust-jcommander 2.0-1

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...

7.3CVSS7.2AI score0.01411EPSS
Exploits0References1
OSV
OSV
added 2023/01/29 5:15 a.m.2 views

UBUNTU-CVE-2022-48285

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...

7.3CVSS7.2AI score0.01411EPSS
Exploits0References6
Cvelist
Cvelist
added 2023/01/29 12:0 a.m.25 views

CVE-2022-48285

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...

7.2AI score0.01411EPSS
Exploits0References5
CVE
CVE
added 2023/01/29 12:0 a.m.229 views

CVE-2022-48285

CVE-2022-48285 affects JSZip: the loadAsync function in JSZip before 3.8.0 can be exploited to perform a directory traversal via crafted ZIP archives, enabling access to files outside the target directory. Remediation: upgrade to JSZip 3.8.0 or later, which fixes the issue.

7.3CVSS6.8AI score0.01411EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder